If we go ahead with this these two sentences Validating resolvers MUST treat RRSIG records created from DNSKEY records using these algorithms as insecure. If no other RRSIG records of accepted cryptographic algorithms are available, the validating resolver MUST consider the associated resource records as Bogus.
need to be replaced with Validating resolvers MUST treat RRSIG records created from DNSKEY records using these algorithms as an unsupported algorithm. If no other RRSIG records of accepted cryptographic algorithms are available, the validating resolver MUST consider the associated resource records as Insecure. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop